@CarlGottlieb's Threads

I can't overstate the significance of this #GDPR British Airways fine (1.5% of worldwide turnover / £183m) for anyone in security, privacy or senior management. You've got to get security right, with appropriate levels for your organisation, else the fines can be career changing.

Some factoids:
- GDPR fines (amongst other things) are for inappropriate security as opposed to getting breached. Breaches are a good pointer but are not themselves actionable. So organisations need to implement security that is appropriate for their size, means, risk and need.

- Security is an organisation's responsibility, whether you host IT yourself, outsource it or rely on someone else not getting hacked.

The GDPR has teeth against anyone that messes up security, but clearly action will be greatest where the human impact is most significant.